The Attorney General’s contention in the Supreme Court that privacy is not a fundamental right is disquieting in the context of the ongoing debate over the implications of the collection of biometric data from citizens. It is true that the AG was only replying to the question whether making people part with personal data was not an intrusion into their privacy, and saying that there is a need to defend the > Aadhaar scheme. However, the government’s stand may give rise to the doubt whether it is truly committed to protecting its citizens from violations of their privacy by the unauthorised use of information provided by them. The Constitution does not specify ‘right to privacy’ as a fundamental right, but the law on the subject has evolved considerably in India, and privacy is now seen as an ingredient of personal liberty. Identifying citizens for providing various services, maintaining security and crime-related surveillance and performing governance functions, all involve the collection of information. In recent years, owing to technological developments and emerging administrative challenges, several national programmes and schemes are being implemented through information technology platforms, using computerised data collected from citizens. With more and more transactions being done over the Internet, such information is vulnerable to theft and misuse. Therefore, it is imperative that any system of data collection should factor in privacy risks and include procedures and systems to protect citizen information.
The government faces a formidable legal challenge in implementing its ambitious unique identification programme. Pleas have been made before the Supreme Court questioning the lack of a statutory basis for the collection of biometric details, and the government has to meet this point to the court’s satisfaction. Instead of arguing that privacy is not a fundamental right, it would do well to assure the court that it has the technology and systems to protect the data collected. And that it would do everything possible to prevent unauthorised disclosure of or access to such data. A Group of Experts appointed by the Planning Commission and headed by Justice (retd.) A.P. Shah, came out with a comprehensive report in 2012 containing a framework for a Privacy Act. Such a law, it said, should recognise all dimensions of the right to privacy and address concerns about data safety, protection from unauthorised interception, surveillance, use of personal identifiers and bodily privacy. Underscoring a set of privacy principles, the committee said the underlying idea should be that the data controller should be accountable for the collection, processing and use to which data are put. In its zeal to aggregate data in electronic form and target subsidies better, the government cannot ignore its responsibility to protect citizens from the perils of the cyber era.